Good catch. It appears this broke in https://gitlab.com/openconnect/openconnect/-/commit/7cb8996e21b442c4ec60ce25c87e8a69516fac17#05d8493af0b3a0d467325299d974b0949981595d_189_189, when David cleaned up the protocol-enumerating code and removed the empty/null protocol definition from the end of the list. The problem is that the `print_supported_protocols` function *wasn't* modified here… urk. I'm a little bit mystified about why this appears to *continue to work* on Linux, which is why we haven't noticed it, even though it causes the expected SIGSEGV on Solaris. My guess is that Linux's `calloc` allocates more zero bytes than requested, silently hiding the problem. I've created a MR to properly fix this: https://gitlab.com/openconnect/openconnect/-/merge_requests/94 -Dan On Mon, Apr 20, 2020 at 9:01 AM Thomas Hildebrandt <thomas.hildebrandt@xxxxxxxxxx> wrote: > > All, > > in recent versions of openconncet, I observe a SEGV error in > print_supported_protocols_usage() when running openconnect --help. > > Present analysis seems to point to the way the code iterates over the > array of protocol information ("protos") in this statement: > > 680 for (p=protos; p->name; p++) > 681 printf(" --protocol=%-16s %s%s\n", > 682 p->name, p->description, p==protos ? _(" (default)") : ""); > > The issue is that this loop doesn't terminate as intended due to the way > the protos array is filled. p->name never becomes 0, so the loop tries > to iterate beyond protos' boundaries, causing the SEGV. > > The following fix helped this (at least for me, and there might be > better ways) > > 674 static void print_supported_protocols_usage(void) > 675 { > 676 struct oc_vpn_proto *protos, *p; > 677 int ret; > 678 > 679 if ((ret = openconnect_get_supported_protocols(&protos))>=0) { > 680 printf("\n%s:\n", _("Set VPN protocol")); > 681 for (p=protos; /*p->name,*/ ret>0 ; p++,ret--) > 682 printf(" --protocol=%-16s %s%s\n", > 683 p->name, p->description, p==protos ? _(" (default)") : ""); > > Unfortunately I cannot tell whether this problem exists on other > platforms as well - my Linux boxes miss OpenSSL and I presently have > limited network access only. The suggested fix should work on all > platforms, though. > > Pls. cc: me in replies (if any), as I am not subscribed to the list. > > TIA, kind regards, > - Thomas > -- > Thomas Hildebrandt mailto: Thomas.Hildebrandt(at)Oracle.COM > Senior Field Engineer > Oracle EMEA Systems Support > > Oracle Deutschland B.V. & Co KG http://www.oracle.com > Neue Mainzer Strasse 46-50 http://www.oracle.de > D-60311 Frankfurt am Main > -------------------------------------------------------------------------------- > We make the net work > -------------------------------------------------------------------------------- > NOTICE: This email message is for the sole use of the intended > recipient(s) and may contain confidential and privileged information. > Any unauthorized review, use, disclosure or distribution is prohibited. > If you are not the intended recipient, please contact the sender by > reply email and destroy all copies of the original message. > -------------------------------------------------------------------------------- > Sitz der Gesellschaft: > ORACLE Deutschland B.V. & Co. KG > Hauptverwaltung: Riesstr. 25, D-80992 München > Registergericht: Amtsgericht München, HRA 95603 > Geschäftsführer: Jürgen Kunz > > Komplementärin: ORACLE Deutschland Verwaltung B.V. > Hertogswetering 163/167, 3543 AS Utrecht, Niederlande > Handelsregister der Handelskammer Midden-Nederland, Nr. 30143697 > Geschäftsführer: Alexander van der Ven, Jan Schultheiss, Val Maher > > Dear customer, in order to help us serve you better, > please request a survey after SR closure: > > https://oracle-support-surveys.custhelp.com/ci/documents/detail/5/280/12/131aae4624b2f151c23d3aed809e443c27ac405b > > Oracle is committed to developing practices and products that help > protect the environment > > _______________________________________________ > openconnect-devel mailing list > openconnect-devel@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/openconnect-devel _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
